FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » FUDforum » How To » Failed logins "password" in Action Log
Show: Today's Messages :: Unread Messages :: Show Polls :: Message Navigator
| Subscribe to topic | Bookmark topic 
Switch to threaded view of this topic Create a new topic Submit Reply
Failed logins "password" in Action Log [message #27709] Thu, 22 September 2005 11:07 Go to next message
Ernesto is currently offline  Ernesto   Sweden
Messages: 413
Registered: August 2005
Karma: 0
Senior Member
add to buddy list
ignore all messages by this user
Is there anyway to turn off the feature where the forum logs the failed password the user entered? I find it rather "unsecure" to so easilly (For other admins) to access the users passwords.

Example:
I try to loginto this forum as "ernesto" with the password "google".

Sadly, my username is "Ernesto" and not "ernesto" so now the admin here can see my password.



So, my question: Can I turn this off in my own forum in any way?


Re: Failed logins "password" in Action Log [message #27710 is a reply to message #27709] Thu, 22 September 2005 11:31 Go to previous messageGo to next message
Ilia is currently offline  Ilia   Canada
Messages: 13241
Registered: January 2002
Karma: 0
Senior Member
Administrator
Core Developer
add to buddy list
ignore all messages by this user
You can only do that by modifying forum code.

FUDforum Core Developer
Re: Failed logins "password" in Action Log [message #27711 is a reply to message #27709] Thu, 22 September 2005 11:34 Go to previous messageGo to next message
Ernesto is currently offline  Ernesto   Sweden
Messages: 413
Registered: August 2005
Karma: 0
Senior Member
add to buddy list
ignore all messages by this user
Don't you agree with me that the default logging of each failed password (no encryption) is a rather unsafe thing? =)

Second question: Where would i have to look if i dont want login names to be case sensitive?

Edit: added a second sentance


[Updated on: Thu, 22 September 2005 11:35]

Report message to a moderator

Re: Failed logins "password" in Action Log [message #27712 is a reply to message #27711] Thu, 22 September 2005 11:43 Go to previous messageGo to next message
Ilia is currently offline  Ilia   Canada
Messages: 13241
Registered: January 2002
Karma: 0
Senior Member
Administrator
Core Developer
add to buddy list
ignore all messages by this user
The data is ONLY visible to forum admins, people who already can change the user's password if they so choose to. And even though the forum stores passwords as md5 hashes and admin could always modify the code to log ALL login attempts. Ultimately, if you don't trust your administrator, who do you trust?

You need to edit the SQL schema if your want to change case sensetivity of the logins.


FUDforum Core Developer

[Updated on: Thu, 22 September 2005 11:44]

Report message to a moderator

Re: Failed logins "password" in Action Log [message #27713 is a reply to message #27709] Thu, 22 September 2005 11:47 Go to previous message
Ernesto is currently offline  Ernesto   Sweden
Messages: 413
Registered: August 2005
Karma: 0
Senior Member
add to buddy list
ignore all messages by this user
Thanks alot for your fast responses as always Ilia =)

Quick Reply
Formatting Tools:   
  Switch to threaded view of this topic Create a new topic
Previous Topic: decrease font size of forum path
Next Topic: How to add thread manually to DB?
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Wed Oct 18 12:53:28 EDT 2017

Total time taken to generate the page: 0.00677 seconds